Payment cards, such as credit or debit cards, are commonly used for payment in a variety of transactions. For example, payments are often made for purchases in association with a point-of-sale (POS) computer system of a retailer such as a supermarket. In addition, vending kiosks are small, stand-alone structures that are employed to deliver a number of different products to a consumer with payment being made via cash or payment card. One type of vending kiosk is a postal services kiosk, wherein a customer is able to purchase postage and then post mail in a convenient fashion. Such kiosks are typically designed to weigh the mail, inform the user as to the amount of postage due and, upon user acceptance and payment, dispense the postage.
The Payment Card Industry Security Standards Council (PCISSC) is an organization composed of a number of major credit card companies that sets standards aimed at limiting theft related to fraudulent acquisition and use of payment card data. Such theft is most often the result of data breaches at merchants that accept payment cards. In these cases, sensitive data, which includes the full payment card account number, cardholder name and card expiration date, has been fraudulently obtained. As a result, the PCISSC has established what are known as Data Security Standards (DSS). The key requirements of DSS include: (1) building and maintaining a secure network, including a firewall configuration, (2) protecting cardholder data while stored and transmitted across open public networks using encryption technology, (3) maintaining a vulnerability management program including using and updating anti-virus software, (4) implementing strong access control measures that restrict access to cardholder data, (5) regularly monitoring and testing networks, and (6) maintaining an information security policy. These standards involve physical and cryptographic security around the data and systems that accept and process payment card data. They are very restrictive and both difficult and costly to implement, particularly for kiosk systems that may be in environments that are not monitored and not physically secure.
Thus, there is a need for systems and methods for processing payments using payment cards that simplify compliance with data security requirements and standards relating to payment cards such as the PCI-DSS requirements.